Forum OpenACS Q&A: Re: Password in ClearText

Collapse
31: Re: Password in ClearText (response to 1)
Posted by Don Baccus on
To build on Derek's response ... we do target the web developer with a clue.  I think Andrew thinks we should aim lower - as folks working on "website in a box" type solutions typically do.

I'd say it's also the case that when someone without a clue builds a website, it's likely to attract little attention and in practice the chance of someone using a packet sniffer to grab a password in the clear, log in, and do Something Terrible to such a website are ... very low.

Not that this is an excuse for not using SSL.

But I think Andrew's raising a non-issue here.